
exploitDog


CVE-2024-57699

Published: 05 Feb 2025
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading specially crafted JSON input containing a large number of '{' characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.

Report

This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).

Mitigation

Red Hat Product Security does not have a recommended mitigation at this time.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| AMQ Clients | json-smart | Not affected | | |
| A-MQ Clients 2 | json-smart | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | json-smart | Not affected | | |
| Red Hat build of Apache Camel 4 for Quarkus 3 | quarkus-cxf-bom | Not affected | | |
| Red Hat build of Apicurio Registry 2 | json-smart | Affected | | |
| Red Hat build of Apicurio Registry 3 | json-smart | Not affected | | |
| Red Hat build of Debezium 2 | json-smart | Affected | | |
| Red Hat build of OptaPlanner 8 | json-smart | Not affected | | |
| Red Hat Data Grid 8 | json-smart | Will not fix | | |
| Red Hat Fuse 7 | json-smart | Out of support scope | | |

Additional information

Status: Important
Defect: CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2344073 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

EPSS

Percentile: 8%
0.00029
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
11 months ago

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading specially crafted JSON input containing a large number of '{' characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

CVSS3: 7.5
nvd
11 months ago

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading specially crafted JSON input containing a large number of '{' characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

CVSS3: 7.5
debian
11 months ago

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. ...

CVSS3: 7.5
github
11 months ago

Netplex Json-smart Uncontrolled Recursion vulnerability
